If it's like the fake FBI/Interpol browser lock page, This add-on can stop such pages; https://addons.mozilla.org/en-US/firefox/addon/disallow-script-button/ disallow Script Button

The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

Another way out of the trap is to (force it if needed) Close Firefox. Wait about 20 seconds for Firefox to finish closing. Right-click on the Firefox icon and select Open New Window. +++++++++++++++++++++++++++++++++ Sometimes this works. If it opens, close it by Menu > File > Exit. This will flush out that web page from the Session Store.

FredMcD said

If it's like the fake FBI/Interpol browser lock page, This add-on can stop such pages; https://addons.mozilla.org/en-US/firefox/addon/disallow-script-button/ disallow Script Button The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

---

Another way out of the trap is to (force it if needed) Close Firefox. Wait about 20 seconds for Firefox to finish closing. Right-click on the Firefox icon and select Open New Window. +++++++++++++++++++++++++++++++++ Sometimes this works. If it opens, close it by Menu > File > Exit. This will flush out that web page from the Session Store.

"Not compatible with Firefox Quantum"

The worst part with the new Firefox is that the addons that make Firefox secure/better than Chrome is no longer working.

And yes, I was forced to close the Firefox window to escape. But i rather not have this problem the next time a webbpage tries to redirect me to a malware site.

What I want is to make Firefox stop sending me these messages that bricks the window. (I was forced to kill firefox.exe process)

You need to be using a good Firewall and a Anti-Malware Program. It is a must to use both these days. Your uMatrix 1.1.0 has severe limitations and see that it did nothing for you. The programs you need for the job get updated hundreds of times a day with revocation lists, white-lists and blacklists. I do not know if using another firewall but if you are need to read compatibility between uMatrix and your other program as you could be cancelling one or the other out.

https://addons.mozilla.org/en-GB/firefox/addon/https-everywhere/

https://addons.mozilla.org/en-US/firefox/tag/malware%20blocker

You will have to sort through these : https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/

Please let us know if this solved your issue or if need further assistance.

Pkshadow said

You need to be using a good Firewall and a Anti-Malware Program. It is a must to use both these days. Your uMatrix 1.1.0 has severe limitations and see that it did nothing for you. The programs you need for the job get updated hundreds of times a day with revocation lists, white-lists and blacklists. I do not know if using another firewall but if you are need to read compatibility between uMatrix and your other program as you could be cancelling one or the other out. https://addons.mozilla.org/en-GB/firefox/addon/https-everywhere/ https://addons.mozilla.org/en-US/firefox/tag/malware%20blocker You will have to sort through these : https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/ Please let us know if this solved your issue or if need further assistance.

My protection is good enough. 10 years and virus/malware protection never said anything, so they are useless.

The problem is that Firefox let rouge websites brick Firefox by constantly sending these messages that I can't block. I want to block them.

Until I get NoScript (and if it even will get released as the new API is extremely limited), I need a way to make Firefox not let rouge website brick it by spamming messages to it.

First, a lot of these pages work on a reload cycle. Pressing the Esc key several times quickly can break the cycle by closing the current prompts and canceling the reload so you can close the tab normally.

Second, I agree that holding off on Firefox 57 until the WebExtensions version of NoScript is final would be a very good idea. I believe uMatrix can be set to be similarly paranoid by blocking first party scripts by default, but I haven't tried it (I find its UI pretty confusing).

jscher2000 said

First, a lot of these pages work on a reload cycle. Pressing the Esc key several times quickly can break the cycle by closing the current prompts and canceling the reload so you can close the tab normally. Second, I agree that holding off on Firefox 57 until the WebExtensions version of NoScript is final would be a very good idea. I believe uMatrix can be set to be similarly paranoid by blocking first party scripts by default, but I haven't tried it (I find its UI pretty confusing).

Spamming esc might have worked, didn't try that.

The problem with WebExtensions is that it is extremely limited, and I don't see how it could work the same way with the new API, unless they butcher it. But then I wonder how useful it would be. Then again, something useful might have been added to the API since the last time I glanced at it.

I find uMatrix quite easy, left row is the webbpage, top row is the items, green for allow, red for block. then just block the item you don't want. It does however require constant messing around with when visiting new sites. But so does NoScript.

My understanding from the author is that nearly all of the features are possible with the WebExtension APIs in Firefox 57:

https://forums.informaction.com/viewtopic.php?p=90133#p90133

That said, it's taking a long time considering people will start needing it very, very soon.

If all Firefox addons will work with the WebExtension API, which it must do from 57+. Then why use Firefox at all?

I'm only using Firefox over Chrome because of the addons. Sure there is a privacy issue, but I don't really care about that. However 58 will have multi threading so that might change stuff.

Some add-on features won't be possible in Firefox 57. Each person will have to make their own judgment about how to move forward based on their individual needs.

I have had a similar problem with a page that says I need a firefox update. Then there is a confirmation box, and when I close it, it just keeps coming up again and again. Can't access the menu, can't click any buttons, can't close the tab. this is definitely an issue Firefox must address. there is no excuse for a page to do this to a browser. this has come up a few times and each time it has a different url, so I can not block it. This is the last url to do it: http://webcaretool.xyz

A way out of the trap is to (force it if needed) Close Firefox. Wait about 20 seconds for Firefox to finish closing. Right-click on the Firefox icon and select Open New Window. +++++++++++++++++++++++++++++++++ Sometimes this works. If it opens, close it by Menu > File > Exit. This will flush out that web page from the Session Store.

I should not have to open taskmanager to kill Firefox. This is a serious security issue with Firefox. This page wants to load software on my computer. Accidentally doing something wrong could cause serious damage. I can not configure security addons, because I can not open them. If Firefox continues to ignore this dangerous situation, then Firefox does not need to exist. I feel this attitude of ignoring this issue reckless, foolish and even grossly negligent.

Hi Redenegue, these attack pages are constantly updating their designs, and Firefox updates on a slower schedule. Some changes are coming or may be here now to prevent a single bad page from locking up the entire browser.

However, there still are some bad behaviors these pages can use, such as changing to full screen to make it harder to close the tab with the mouse. But full screen is a feature that many legitimate websites use, so how to distinguish one from the other?

I suppose one possible change would be to add a "Close Tab" button on all the various dialogs these attack pages pop up. There's a risk that people will click it accidentally, so it probably will need to preserve the option to "Undo Tab Close" (as opposed to a "Close Tab, Flush This Site, Never Come Back" button).

Here in support we generally focus on the Firefox we have today. To suggest new or updated features, you can try these channels:

• Feedback: https://qsurvey.mozilla.com/s3/FirefoxInput/
• Reddit: https://www.reddit.com/r/firefox/
• Twitter: https://twitter.com/firefox
• Facebook: https://www.facebook.com/Firefox

jscher2000 said

Hi Redenegue, these attack pages are constantly updating their designs, and Firefox updates on a slower schedule. Some changes are coming or may be here now to prevent a single bad page from locking up the entire browser. However, there still are some bad behaviors these pages can use, such as changing to full screen to make it harder to close the tab with the mouse. But full screen is a feature that many legitimate websites use, so how to distinguish one from the other? I suppose one possible change would be to add a "Close Tab" button on all the various dialogs these attack pages pop up. There's a risk that people will click it accidentally, so it probably will need to preserve the option to "Undo Tab Close" (as opposed to a "Close Tab, Flush This Site, Never Come Back" button). Here in support we generally focus on the Firefox we have today. To suggest new or updated features, you can try these channels:

• Feedback: https://qsurvey.mozilla.com/s3/FirefoxInput/
• Reddit: https://www.reddit.com/r/firefox/
• Twitter: https://twitter.com/firefox
• Facebook: https://www.facebook.com/Firefox

How about not let sites send these message every ms? how about if the site send more than 5 messages in 30sec you block the site from sending more messages?

This isn't a hard problem to solve, so I don't know why you make it sound like this is a near impossible to solve. This is a massive oversight from the devs, I can't imagine that the devs would find it acceptable that a site can force the user to kill the Firefox process to close the site.

Frejoh466 said

How about not let sites send these message every ms? how about if the site send more than 5 messages in 30sec you block the site from sending more messages?

You can submit your suggestions on one or more of the sites I suggested.

This isn't a hard problem to solve, so I don't know why you make it sound like this is a near impossible to solve.

I'm pretty sure I didn't say it was near impossible. It's a question of how many legitimate sites you want to break by blocking standard browser features. For example, you would think preventing sites from showing "alert" dialogs (the ones with just an OK button) after a maximum of 20 in a row would be a no-brainer, but several developers posted that their business applications were broken by this change.

Does a legit service need to lock your page, lock exiting Firefox, prevent switching tabs, prevent accessing menus and prevent closing your tab? And while I am at it, why would a legit business open secret background windows? Or maybe I am missing something to prevent Firefox from opening more than one instance? Or why should I even have to care? No site should ever be allowed to open multiple instances of Firefox. I really think there is more going on here. And I think it has to do with "push" tech. That is one reason I will never upgrade to Win 10. Never seen such get in your face shit from an OS!

Hi Redenegue, I'm not aware of a feature in any browser to observe a pattern of dialogs and UI changes over time the way a human can. That will be an interesting problem to work on.

In my view, this is a user interface problem. You can click two cancels and press Ctrl+w to close the tab. However, most people do not realize that because they aren't old enough to remember how computers worked before the mouse. That's why I suggested adding a Close Tab button to those dialogs.

And while I am at it, why would a legit business open secret background windows? Or maybe I am missing something to prevent Firefox from opening more than one instance?

Do you mean a "pop-under" window? As far as I know, this usually is used for advertising. However, a pop-under uses the same mechanism as a pop-up and legitimate sites do use pop-up windows. Maybe someone can distinguish them based on where the new window ends up in the "z order" at some defined point in time. Again, this would be an after the fact behavioral observation and not a gate on triggering the new window in the first place.

A pop up is hardly the same as a new instance of Firefox. And this behavior certainly can and should be stopped. I will attempt to close a tab as you said, but since no menus work, I do not think clicking anything will help. And still it does not address why a site should lock up Firefox so completely. I repeat, you have a serious security problem. How can you allow a site to have complete control over your program? BTW, in case you did not investigate, the site says I must install an update to Firefox. You need to address this issue too.

I repeat, you have a serious security problem.

Hi Redenegue, in case it wasn't clear, support volunteers are not Firefox developers. I think I've pointed you to the best locations for giving your input on this issue. And I've provided you the most relevant workaround for missing menus and buttons that I know of, which is the keyboard shortcut to close the current tab.